By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,967 Members | 1,684 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,967 IT Pros & Developers. It's quick & easy.

Good Forgot Password Script?

P: n/a
Anyone have a good script to provide users with the opportunity to have
their password changed, and then the new one emailed to them?

Jul 16 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
> Anyone have a good script to provide users with the opportunity
to have their password changed, and then the new one emailed to them?


I just did one. I won't provide the whole damn code, but here's a sketch
of how it works:

(I assume Your user has an account with a unique username and a mail
address. Otherwise this won't work. No new mail address will be accepted
when requesting a new password, of course.)

1. User provides his username in sendpassword.php
2. sendpassword.php does:
* insert username and new random password into a separate
table (not the usertable!)
* send link to ->changepassword.php with username and new
password to mail address from usertable,
commenting that someone (not necessarily the account owner)
has applied for a new password.
3. changepassword.php accepts username and newpassword,
deletes values from temp table and sets new password value
(md5()!)
If You're really nice, provide an input field to change the
random password instantly to a personal password.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!
Security issues:
* All Your password fields are md5 encrypted
* use https, if You can
* use a routine to expire the temp values in a set interval of,
say, 24 hours
* If Your user's data is /very/ delicate, _do_not_use_this_method_!
(Mail is not safe)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!

(anyone have improvements?)

Enjoy coding!

rudi

Jul 16 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.